Priya Chandran

Authenticated and persistent skip graph: a data structure for cloud based data-centric applications

Cloud computing has evolved as a popular computing environment. In data centric applications hosted on the cloud, data is accessed and updated in a purely distributed manner. The distributed data structures used for dynamic storage of the data for such applications require two fundamental qualities, authentication and persistence, which are not completely met by existing distributed data structures. Authentication is a crucial requirement for data structures used on the cloud, as users need to be convinced about the validity of the data they receive. Moreover the data structure has to be persistent, so that changes can be made to the data structure without losing old data, or old versions of the data structure, which may be required by different users in the distributed environment. In this paper we present authenticated and persistent skip graph, an enhanced variant of the existing skip graph. It is based on an event based model, to correspond to the distributed data centric application requirements. Skip graphs are randomized data structures based on skip lists, proposed for use in distributed applications. But skip graphs are neither persistent nor authenticated. The fat node technique is adapted here for providing persistence, and a role based access control, with a cryptographic scheme is used to ensure valid data update and verify the validity of the retrieved data. Our data structure is proved to be efficient in terms of time and space complexities.

Object serialization support for object oriented java processors

This paper describes serialization support in an object oriented Java processor like jHISC. The relevance of serializing an object confines to situations when an object has to be sent over network or stored as a persistent object. But these are not rare scenarios when an application in a mobile device is considered. This paper proposes a serialization functional unit which consists of a serialization unit and deserialization unit along with descriptors and pool to describe and store serialized objects. This design can enhance the performance of Java based mobile devices which runs applications those communicate with similar applications very often. This design makes use of architectural features of processors like jHISC. This design can contribute much to Java based mobile computing in the near future.

Virtual Machine Isolation

The popularity and widespread adoption of cloud computing has resulted in extensified and intensive use of virtualization technology. Virtualization technology allows the sharing of the same physical resources among several users. This enables the consolidation of servers and a multitude of user machines into a very small set of physical servers, by replacing the physical machines with virtual machines, running on the same physical servers. Consequently, several users work on and store their data in the same physical platform. A software layer is used to enable the sharing of hardware between the different users. Understandably, this leads to apprehensions about the security of their data and working environment for the users, as these are situated only one software layer apart from those belonging to the other users. Centralized storage and centralized computing thus naturally raise the question of security of user’s data, and motivate studies on how data security could possibly be compromised. This article surveys the security concerns in virtualization technology. It includes a study of different attacks in the context of virtualization, and logically organizes them in different categories. Where available, the patches to the attacks are also included in the survey. A special focus of the survey is on hardware limitations to support virtualization, and the conclusion drawn is that hardware limitations of different types are the root cause of most of the security issues.

Erasure coded storage systems for cloud storage — challenges and opportunities

Erasure coded storage schemes offer a promising future for cloud storage. Highlights of erasure coded storage systems are that these offer the same level of fault tolerance as that of replication, at lower storage footprints. In the big data era, cloud storage systems based on data replication are of dubious usability due to 200% storage overhead in data replication systems. This has prompted storage service providers to use erasure coded storage as an alternative to replication. Refinements are required in various aspects of erasure coded storage systems to make it a real contender against data replication based storage systems. Streamlining huge bandwidth requirements during the recovery of failed nodes, inefficient update operations, effect of topology in recovery and consistency requirements of erasure coded storage systems, are some areas which need attention. This paper presents an in-depth study on the challenges faced, and research pursued in some of these areas. The survey shows that more research is required to improve erasure coded storage system from being bandwidth crunchers to efficient storage systems. Another challenge that has emerged from the study is the requirement of elaborate research for upgrading the erasure coded storage systems from being mere archival storage systems by providing better update methods. Provision of multiple level consistency in erasure coded storage is yet another research opportunity identified in this work. A brief introduction to open source libraries available for erasure coded storage is also presented in the paper.

Extended-HyperWall: Hardware support for rollback secure virtualization

Virtualization is a vital part of computing today. Rollback is an important feature to be supported by virtualization. However, hackers leverage rollback and pose serious security threats to systems running in a virtualized environment. The aim of this paper is to identify such security threats and propose a comprehensive solution. In this paper, we propose Extended-HyperWall architecture as a solution to security of Virtual Machines (VMs) in a fully virtualized environment. Extended-HyperWall architecture is an integration of HyperWall with Rollback Sensitive Data Memory with Architecture Assistance (RSDM-A). HyperWall is a system that proposes hardware support to ensure confidentiality and integrity of a VMs data, with an assumption that hypervisor cannot be trusted. RSDM-A is an architectural support to a virtualized system that separates rollback sensitive data from rollback non-sensitive data which is one of the major causes of threats that arises due to rollback. Extended-HyperWall integrates CIP-table (Confidentiality and Integrity Table to ensure confidentiality and integrity of data) and RSDM-table (Rollback Sensitive Data Memory to protect the system from rollback attacks). The paper illustrates the design of Extended-HyperWall, and its implementation on the Xen Hypervisor kernel for testing and analysis.

A secure and efficient multi-authority proactive election scheme

In this paper we present a new secret-ballot multiauthority election scheme that is proactive and guarantees privacy, universal verifiability and robustness. In our scheme, a voter posts a single encrypted message as the ballot, accompanied by a non-interactive proof that it contains a valid vote. Our scheme is an efficient modification of the result by [CGS97]. The process of key recovery for decryption of votes in our scheme requires only O(r) steps, where r is the number of authorities required to decrypt the key, and the number of messages required for initial setup of the scheme is O(n), where n is the total number of authorities. The time complexity of key recovery in [CGS97] is O(rlog2r) and the complexity of number of messages is O(n2). Thus the proposed scheme is more efficient in terms of time complexity and number of messages required to be sent. We also outline a simple and elegant technique to make our scheme proactive. Our implementation results demonstrate the improved time complexity of the proposed scheme.

Curtailing job completion time in MapReduce clouds through improved Virtual Machine allocation

Study and analysis of the virtual machine allocation problem in MapReduce cloud environment.Establishment of the positive correlation between throughput and adjacency of nodes executing MapReduce tasks.Proof of NP-hardness of virtual machine allocation problem.Efficient algorithms for virtual machine allocation in MapReduce cloud environment. Display Omitted Cloud-based MapReduce platforms offer ready to use MapReduce clusters. The problem of allocating Virtual Machines (VMs) carrying out the computation, for minimizing data transfer delay is a crucial one in this context, as the MapReduce tasks are communication intensive. The interaction between VMs may face varying delays, if the VMs are hosted in different Physical Machines (PMs). This work aims to optimize the data transfer delay between VMs, which is denoted by the distance between the VMs. We propose an approximation algorithm for VM allocation in data centers wherein the distances between VMs satisfy triangular inequality and an optimization algorithm for VM allocation in data centers where the distances between VMs do not satisfy triangular inequality. Simulations on CloudSim demonstrate the performance of our algorithms and the results affirm the reduction in job completion time compared to other allocation schemes.

“Who are the key players behind a disease state?”: Outcomes of a new computational approach on cancer data

The problem of identifying disease causing genes and dysregulated pathways has attained a key position in computational biology research, as it helps in understanding major causal genes and their interactions behind a disease state and thereby enables proposing new drug targets. The development of computational approaches for the inference of disease causing genes and associated pathways can improve the accuracy and efficiency and reduce the cost of biomedical analysis. Identification of disease causing genes from the large set of genes produced by high throughput experiments is a time consuming and costly process. Based on the fact that interactions among several genes results in certain phenotypes, the molecular interaction network is a major resource for computational approaches to identify disease causing genes and associated pathways. Executing computations on the huge molecular interaction network is also major challenge. Here, we address the problem of inferring disease causing genes and their pathways using graph theoretical approaches which focus on reducing the execution time by using graph pruning techniques, without compromising on accuracy of results. Experimentation on real biological data shows reduced execution time and increased accuracy than other methods reported in literature on benchmark datasets, on using the proposed technique.

Dynamic partitioning of physical memory among virtual machines: ASMI:architectural support for memory isolation

It is an open challenge for virtualization technology architects to provide security to Virtual Machine (VM), in the presence of an infected hypervisor, without much compromise on performance. A few hardware modifications have been introduced by manufactures like Intel and AMD to provide a secure VM environment with low performance degradation. These solutions are unable to provide VM isolation in the presence of an infected hypervisor. In this paper we propose a novel memory architecture model, that can achieve a secure physical memory region to each VM without performance degradation.

A formal framework for comparing group key agreement protocols with partial forward secrecy

Group key agreement protocols form an essential part of secure group communications. Providing perfect forward secrecy is one of the security requirements of group key agreement protocols. However not all protocols can meet the above requirement and they provide only partial forward secrecy. Partial forward secrecy considers the secrecy of a previously agreed session key, when some long-term keys used in the computation of session key, is compromised. Among the protocols which satisfy partial forward secrecy, the one with lesser probability of loss of session key given that the long-term keys are probably compromised, would be stronger than those with a higher probability of loss of session key given that the long-term keys are compromised with the same probability. To the best of our understanding no formal technique has been proposed for comparing protocols providing partial forward secrecy. We propose a formal framework for comparing group key agreement protocols with respect to partial forward secrecy. A metric - degree of partial forward secrecy - has been introduced to make the comparison. An algorithm is proposed for the computation of the metric. The proposed formal framework is illustrated by comparing a set of group key agreement protocols providing a wide range of partial forward secrecy and which uses different cryptographic primitives. The formal framework would be first step towards development of tools for comparison of group key agreement protocols with respect to partial forward secrecy.